
Windows 7: Microsoft Blames Poor Development Practices For Security Risks

31 Mar 2011   #1


Microsoft Blames Poor Development Practices For Security Risks

Windows and Internet Explorer are at greater risk of attacks because developers don't use mitigation technologies built into the software, said Microsoft.

By Mathew J. Schwartz InformationWeek
March 31, 2011 12:52 PM


Too few applications and browser plug-ins are implementing attack-blocking security mechanisms built into Windows and Internet Explorer. Microsoft made that assertion in "The SDL Progress Report," released Wednesday, which details the evolution of the company's security development lifecycle, used internally, as well as the uptake of mitigation technologies that Microsoft makes available to developers.
Ah, Ye ole mitigation technologies thingy

Free Microsoft Security Toolkit (EMET 2.0) Bulletproofs Arbitrary Apps

As promised at the end of July 2010, when Microsoft announced the next iteration of a security toolkit designed to help customers bulletproof arbitrary applications, Enhanced Mitigation Experience Toolkit 2.0 is now available for download.

EMET 2.0 is obviously the successor of version 1.0 of the tool, but evolved, guaranteed to bring a little extra kick to customers’ security game.

When talking about the tool, the Redmond company always emphasized that the release is designed to enable users to easily add security mitigation technologies to arbitrary applications.
ISV adoption of mitigation technologies


Michael Howard
Sep 21, 2010

Hi, Michael here,
Over the last few weeks, Matt Miller, Matt Thomlinson, John Lambert and I worked on a paper that describes the various buffer overrun defenses we offer in Windows Vista and later and Windows Server 2008 and later.
I’d like to introduce a guest SDL blogger, Matt Miller, a member of our Security Research and Defense team, who has written a great article that describes the rationale behind the paper.

Over to Matt…

On our Security Research and Defense blog we have previously described the security benefits of mitigation technologies like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR)[1,2]. These technologies and others like them (SEHOP, GS, etc) are designed to make it more difficult for attackers to reliably exploit software vulnerabilities. The growing prevalence of these technologies has contributed to increased interest from the security research community on the subject of developing new bypass techniques[3]. We value the research community’s findings in this area and are continuing to work on improving the effectiveness of our mitigation technologies. In the meantime, there are important steps that Independent Software Vendors (ISVs) must take to ensure that these mitigations are as effective as possible.

In practice, the effectiveness of mitigations like DEP and ASLR is heavily dependent on how completely each mitigation technology has been enabled by an application. Failing to completely enable a mitigation technology leaves low-hanging fruit that an attacker can use to their advantage when developing an exploit.
Good idea to use EMET and properly configure it?

Enhanced Mitigation Experience Toolkit (EMET)

Yea, yea I think it is.

This whole thingy is just one reason why Windows 7 is a lot more secure than XP.

Yea, yea, I think it is.
